<?php
namespace app\http;

class CorsMiddleware
{
    public function handle($request, \Closure $next)
    {
        $response = $next($request);
        $response->header("Access-Control-Allow-Origin", "*"); // 允许所有域名访问
        $response->header("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
        $response->header("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With");
        $response->header("Access-Control-Allow-Credentials", "true"); // 允许携带凭证
        return $response;
    }
}